CPU v klidu 100%

Zpráva

Michaelus · #1 Příspěvek od **Michaelus** » 26 lis 2012 16:21

Zdravím gentlemani, potřeboval bych pomoci. Včera jsem stahoval hodně souborů a nejspíš jsem si odnesl víc než jsem chtěl. Cpu v klidu pořád na 100%, zkusil jsem zjistit co ho tak vytěžuje - taskmgr.exe. Projel jsem všechno antivirem, zkusil i program hijackthis (zvláštní bylo vždy když jsem zapl správce úloh systému neho hijackthis tak cpu šlo do normálu a po vypnutí zase na 100, ten parchant se asi schovává). Jinak bych chtěl zdůraznit, že jsem co se počítačů týče, velký laik. Nějaké rady jak to napravit? díky

#2 Příspěvek od **vyosek** » 26 lis 2012 16:24

Zdravim a vitam vas u nas na foru

Dejte log z RSIT http://forum.viry.cz/viewtopic.php?f=13&t=105895 jelikoz ac sice vlastnim vesteckou kouli od kolegu,tak je v brne dneska takova mlha, ze neni nic videt

Michaelus · #3 Příspěvek od **Michaelus** » 26 lis 2012 16:27

Ok tady je

Logfile of random's system information tool 1.09 (written by random/random)
Run by Michal at 2012-11-26 15:41:38
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 228 GB (49%) free of 469 GB
Total RAM: 3326 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:41:52, on 26.11.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\jureg.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\schtasks.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Michal\Desktop\hijackthis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\THEKMP~1\KMPlayer.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\DAEMON Tools Pro\DTAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SQUARE ENIX\Hitman Absolution\HMA.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Michal\Desktop\RSIT.exe
C:\Program Files\trend micro\Michal.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Movier-media Toolbar - {ce10bf86-da68-441e-91fa-38336363e3cd} - C:\Program Files\Movier-media\tbMovi.dll
R3 - URLSearchHook: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Movier-media Toolbar - {ce10bf86-da68-441e-91fa-38336363e3cd} - C:\Program Files\Movier-media\tbMovi.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll
O3 - Toolbar: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Movier-media Toolbar - {ce10bf86-da68-441e-91fa-38336363e3cd} - C:\Program Files\Movier-media\tbMovi.dll
O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [hpfsched] C:\Windows\hpfsched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WindowsUpdate] C:\Windows\system32\win32.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
O4 - HKLM\..\Run: [NSU_agent] "C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Windows\TEMP\E_SAA04.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Windows® NetMeeting] C:\Users\Michal\AppData\Roaming\NetMeeting\ca32.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2196742219-2737495621-1387259624-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2196742219-2737495621-1387259624-1003\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2196742219-2737495621-1387259624-1003\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2196742219-2737495621-1387259624-1003\..\Run: [fsm] (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2196742219-2737495621-1387259624-1003\..\Run: [WindowsUpdate] C:\Users\UpdatusUser\AppData\Roaming\win32.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe -update activex (User 'Default user')
O4 - Startup: Registration Assassin.LNK = C:\Program Files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{32172FAA-7755-47CD-81D4-DEB6EDB72D70}: NameServer = 192.168.53.1
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~1\windows searchqu toolbar\datamngr\datamngr.dll c:\progra~1\bandoo\bndhook.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Bandoo Coordinator - Bandoo Media Inc. - C:\PROGRA~1\Bandoo\Bandoo.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: Printer Status Server (hpzstatn) - Hewlett-Packard Company - C:\Windows\system32\spool\drivers\w32x86\hpzstatn.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 13504 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\ParetoLogic Registration3.job
C:\Windows\tasks\ParetoLogic Update Version3.job
C:\Windows\tasks\RegCure Pro.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2011-01-21 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
uTorrentControl2 Toolbar - C:\Program Files\uTorrentControl2\prxtbuTor.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FF99715-3016-4381-84CE-E4E4C9673020}]
Searchqu Toolbar - C:\PROGRA~1\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll [2010-02-10 87488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
MyAshampoo Toolbar - C:\Program Files\MyAshampoo\tbMyAs.dll [2009-12-31 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-10-11 192144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce10bf86-da68-441e-91fa-38336363e3cd}]
Movier-media Toolbar - C:\Program Files\Movier-media\tbMovi.dll [2010-03-09 2355224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}]
BandooIEPlugin Class - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll [2011-01-13 2444688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfree.dll [2009-03-10 2079256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{ecdee021-0d17-467f-a1ff-c7a115230949} - free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfree.dll [2009-03-10 2079256]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - MyAshampoo Toolbar - C:\Program Files\MyAshampoo\tbMyAs.dll [2009-12-31 2349080]
{7FF99715-3016-4381-84CE-E4E4C9673020} - Searchqu Toolbar - C:\PROGRA~1\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll [2010-02-10 87488]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-11-21 1054520]
{ce10bf86-da68-441e-91fa-38336363e3cd} - Movier-media Toolbar - C:\Program Files\Movier-media\tbMovi.dll [2010-03-09 2355224]
{687578b9-7132-4a7a-80e4-30ee31099e03} - uTorrentControl2 Toolbar - C:\Program Files\uTorrentControl2\prxtbuTor.dll [2011-05-09 176936]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-10-11 192144]
{D4027C7F-154A-4066-A1AD-4243D8127440} -

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-07-12 178712]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-10-25 4702208]
"SunJavaUpdateReg"=C:\Windows\system32\jureg.exe [2009-10-09 55072]
"hpfsched"=C:\Windows\hpfsched.exe [2000-06-21 36864]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2010-06-09 49208]
"WindowsUpdate"=C:\Windows\system32\win32.exe [2010-03-25 314368]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2011-01-22 40368]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-07-18 202256]
"DATAMNGR"=C:\PROGRA~1\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe [2010-11-04 985488]
"NSU_agent"=C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe [2012-02-28 190768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"EPSON Stylus DX8400 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE [2007-04-12 182272]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-06-25 1414144]
"Windows® NetMeeting"=C:\Users\Michal\AppData\Roaming\NetMeeting\ca32.exe []
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2012-11-22 968592]
"Steam"=C:\Program Files\Steam\Steam.exe [2012-11-26 1353080]
"DAEMON Tools Pro Agent"=C:\Program Files\DAEMON Tools Pro\DTAgent.exe [2011-08-17 4527424]

C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Registration Assassin.LNK - C:\Program Files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~1\windows searchqu toolbar\datamngr\datamngr.dll c:\progra~1\bandoo\bndhook.dll "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=L3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"msacm.voxacm160"=vct3216.acm
"msacm.scg726"=scg726.acm
"msacm.alf2cd"=alf2cd.acm
"msacm.ac3acm"=AC3ACM.acm
"vidc.dvsd"=mcdvd_32.dll
"vidc.mpg4"=MPG4c32.dll
"vidc.mp42"=MPG4c32.dll
"Msacm.dvacm"=C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.mpegacm"=mpegacm.acm
"msacm.ulmp3acm"=ulmp3acm.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"vidc.xvid"=xvid.dll
"vidc.MP43"=MPG4c32.dll
"VIDC.FPS1"=frapsvid.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-11-26 15:41:40 ----D---- C:\Program Files\trend micro
2012-11-26 15:41:38 ----D---- C:\rsit
2012-11-26 15:03:19 ----D---- C:\Program Files\SQUARE ENIX
2012-11-26 14:59:19 ----D---- C:\Program Files\Steam
2012-11-25 11:38:52 ----A---- C:\Windows\system32\igfxupdate.exe
2012-11-24 18:47:51 ----D---- C:\Program Files\Oracle
2012-11-23 15:39:10 ----D---- C:\Windows\Downloaded Program Files
2012-11-22 22:25:04 ----D---- C:\Windows\048298C9A4D3490B9FF9AB023A9238F3.TMP
2012-11-22 21:34:34 ----D---- C:\Windows\Debug
2012-11-22 21:16:58 ----D---- C:\Users\Michal\AppData\Roaming\ParetoLogic
2012-11-22 21:16:58 ----D---- C:\Users\Michal\AppData\Roaming\DriverCure
2012-11-22 21:16:53 ----D---- C:\Program Files\Common Files\ParetoLogic
2012-11-22 21:16:52 ----D---- C:\ProgramData\ParetoLogic
2012-11-22 21:16:52 ----D---- C:\Program Files\ParetoLogic
2012-11-22 20:18:23 ----A---- C:\Windows\system32\nvoglv32.dll
2012-11-22 20:18:23 ----A---- C:\Windows\system32\nvcuvenc.dll
2012-11-22 20:18:23 ----A---- C:\Windows\system32\nvcompiler.dll
2012-11-22 20:18:22 ----A---- C:\Windows\system32\nvopencl.dll
2012-11-22 20:18:22 ----A---- C:\Windows\system32\nvcuvid.dll
2012-11-22 20:18:22 ----A---- C:\Windows\system32\nvcuda.dll
2012-11-22 20:18:22 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2012-11-22 20:15:46 ----D---- C:\Windows\cs
2012-11-22 20:14:14 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2012-11-22 20:12:46 ----D---- C:\Program Files\Windows Live
2012-11-22 20:11:06 ----D---- C:\Program Files\Common Files\Windows Live
2012-11-22 20:10:22 ----A---- C:\Windows\system32\webservices.dll
2012-11-22 20:02:47 ----A---- C:\Windows\system32\SearchEngine.dat
2012-11-22 20:02:45 ----A---- C:\Windows\system32\SearchIndexer.dll
2012-11-22 20:02:40 ----D---- C:\Windows\system32\update
2012-11-22 17:06:35 ----D---- C:\Users\Michal\AppData\Roaming\GlarySoft
2012-11-22 16:53:53 ----D---- C:\ProgramData\Iomatic
2012-11-22 15:57:34 ----A---- C:\Windows\reimage.ini
2012-11-22 15:56:35 ----D---- C:\Users\Michal\AppData\Roaming\Babylon
2012-11-22 15:56:35 ----D---- C:\ProgramData\Babylon
2012-11-22 15:54:26 ----D---- C:\ProgramData\PC Drivers HeadQuarters
2012-11-22 15:52:08 ----D---- C:\Users\Michal\AppData\Roaming\PC Cleaners
2012-11-22 15:52:07 ----A---- C:\Windows\uninst.exe
2012-11-22 15:52:03 ----D---- C:\Users\Michal\AppData\Roaming\PCPro
2012-11-22 15:52:03 ----D---- C:\ProgramData\PC1Data
2012-11-22 15:51:35 ----D---- C:\ProgramData\APN
2012-11-22 15:30:32 ----D---- C:\Windows\Sun
2012-11-20 19:32:57 ----D---- C:\Users\Michal\AppData\Roaming\Theta
2012-11-19 08:27:43 ----D---- C:\Program Files\Ubisoft
2012-11-16 23:25:49 ----A---- C:\Windows\system32\vbscript.dll
2012-11-16 23:25:49 ----A---- C:\Windows\system32\mshtmled.dll
2012-11-16 23:25:48 ----A---- C:\Windows\system32\msfeeds.dll
2012-11-16 23:25:48 ----A---- C:\Windows\system32\jsproxy.dll
2012-11-16 23:25:48 ----A---- C:\Windows\system32\ieUnatt.exe
2012-11-16 23:25:48 ----A---- C:\Windows\system32\ieui.dll
2012-11-16 23:25:47 ----A---- C:\Windows\system32\wininet.dll
2012-11-16 23:25:47 ----A---- C:\Windows\system32\jscript.dll
2012-11-16 23:25:46 ----A---- C:\Windows\system32\url.dll
2012-11-16 23:25:46 ----A---- C:\Windows\system32\jscript9.dll
2012-11-16 23:25:46 ----A---- C:\Windows\system32\iertutil.dll
2012-11-16 23:25:44 ----A---- C:\Windows\system32\urlmon.dll
2012-11-16 23:25:43 ----A---- C:\Windows\system32\ieframe.dll
2012-11-16 23:25:42 ----A---- C:\Windows\system32\mshtml.dll
2012-11-16 19:44:08 ----A---- C:\Windows\system32\synceng.dll
2012-11-16 19:44:07 ----A---- C:\Windows\system32\win32k.sys
2012-11-14 14:48:42 ----D---- C:\Users\Michal\AppData\Roaming\Sony

======List of files/folders modified in the last 1 month======

2012-11-26 15:41:40 ----RD---- C:\Program Files
2012-11-26 15:41:37 ----D---- C:\Windows\Temp
2012-11-26 15:40:02 ----D---- C:\Users\Michal\AppData\Roaming\uTorrent
2012-11-26 15:00:55 ----D---- C:\Program Files\Common Files\Steam
2012-11-26 14:59:25 ----SHD---- C:\Windows\Installer
2012-11-26 14:59:08 ----SHD---- C:\System Volume Information
2012-11-26 14:28:25 ----D---- C:\Users\Michal\AppData\Roaming\HpUpdate
2012-11-25 13:48:58 ----D---- C:\Windows\system32\Tasks
2012-11-25 12:59:32 ----D---- C:\Windows\SoftwareDistribution
2012-11-25 12:56:44 ----D---- C:\Windows\system32\wbem
2012-11-25 12:56:25 ----D---- C:\Windows
2012-11-25 12:40:42 ----D---- C:\Users\Michal\AppData\Roaming\Macromedia
2012-11-25 12:37:39 ----D---- C:\Windows\system32\catroot2
2012-11-25 12:37:19 ----D---- C:\Windows\inf
2012-11-25 12:37:09 ----D---- C:\Windows\Logs
2012-11-25 12:01:11 ----HD---- C:\Windows\system32\GroupPolicy
2012-11-25 12:01:11 ----HD---- C:\ProgramData
2012-11-25 11:57:39 ----D---- C:\Program Files\NVIDIA Corporation
2012-11-25 11:38:52 ----D---- C:\Windows\System32
2012-11-25 11:38:34 ----D---- C:\Windows\system32\Msdtc
2012-11-25 11:37:02 ----D---- C:\Windows\system32\config
2012-11-25 11:36:35 ----D---- C:\Windows\Tasks
2012-11-25 11:36:34 ----D---- C:\Windows\system32\spool
2012-11-25 11:36:34 ----D---- C:\Windows\system32\drivers
2012-11-25 11:36:34 ----D---- C:\Windows\system32\CodeIntegrity
2012-11-25 11:36:30 ----D---- C:\Windows\registration
2012-11-25 10:58:27 ----D---- C:\Windows\system32\directx
2012-11-25 10:56:45 ----HD---- C:\Windows\msdownld.tmp
2012-11-24 18:49:05 ----D---- C:\Windows\system32\catroot
2012-11-24 18:48:03 ----DC---- C:\Windows\system32\DRVSTORE
2012-11-24 15:39:06 ----D---- C:\ProgramData\NVIDIA
2012-11-22 21:36:38 ----SD---- C:\Users\Michal\AppData\Roaming\Microsoft
2012-11-22 21:30:40 ----D---- C:\Windows\SMINST
2012-11-22 21:30:40 ----D---- C:\ProgramData\EA Logs
2012-11-22 21:30:39 ----D---- C:\Windows\system32\LogFiles
2012-11-22 21:30:39 ----D---- C:\Windows\Panther
2012-11-22 21:30:39 ----D---- C:\Users\Michal\AppData\Roaming\XnView
2012-11-22 21:30:39 ----D---- C:\Users\Michal\AppData\Roaming\Vso
2012-11-22 21:30:39 ----D---- C:\Users\Michal\AppData\Roaming\Video Converter for Any Flv Player
2012-11-22 21:30:39 ----D---- C:\Users\Michal\AppData\Roaming\AIMP
2012-11-22 21:30:39 ----D---- C:\Program Files\WinTV
2012-11-22 21:30:39 ----D---- C:\Program Files\MyAshampoo
2012-11-22 21:30:39 ----D---- C:\Program Files\Movier-media
2012-11-22 21:30:39 ----D---- C:\Program Files\free-downloads.net
2012-11-22 21:30:39 ----D---- C:\Program Files\Bandoo
2012-11-22 21:30:39 ----D---- C:\Program Files\AntoniePlayer
2012-11-22 21:30:38 ----D---- C:\Windows\Minidump
2012-11-22 21:30:38 ----D---- C:\Users\Michal\AppData\Roaming\Any Video Converter Professional
2012-11-22 21:30:38 ----D---- C:\Program Files\Acoustica Mixcraft 5
2012-11-22 21:16:53 ----D---- C:\Program Files\Common Files
2012-11-22 20:57:57 ----D---- C:\Windows\rescache
2012-11-22 20:45:41 ----D---- C:\Users\Michal\AppData\Roaming\Software Informer
2012-11-22 20:14:16 ----RSD---- C:\Windows\assembly
2012-11-22 20:13:14 ----SD---- C:\ProgramData\Microsoft
2012-11-22 20:13:05 ----RSD---- C:\Windows\Fonts
2012-11-22 20:13:03 ----D---- C:\Windows\winsxs
2012-11-22 20:12:38 ----D---- C:\Program Files\Common Files\microsoft shared
2012-11-22 20:10:34 ----D---- C:\Windows\system32\cs-CZ
2012-11-20 19:26:52 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-11-20 10:47:23 ----HD---- C:\Program Files\InstallShield Installation Information
2012-11-20 10:46:41 ----A---- C:\Windows\system32\PnkBstrB.exe
2012-11-20 10:46:32 ----A---- C:\Windows\system32\PnkBstrA.exe
2012-11-20 08:22:25 ----D---- C:\Windows\Prefetch
2012-11-19 10:34:40 ----D---- C:\ProgramData\Microsoft Help
2012-11-18 12:29:36 ----D---- C:\Windows\Microsoft.NET
2012-11-17 20:58:06 ----D---- C:\Users\Michal\AppData\Roaming\Movier
2012-11-17 08:41:00 ----D---- C:\Windows\system32\migration
2012-11-17 08:40:59 ----D---- C:\Program Files\Internet Explorer
2012-11-16 23:29:50 ----A---- C:\Windows\system32\mrt.exe
2012-11-16 23:29:19 ----A---- C:\Windows\win.ini
2012-11-10 13:08:10 ----D---- C:\ProgramData\Ubisoft
2012-11-09 17:35:00 ----A---- C:\Windows\system32\nvwgf2um.dll
2012-11-09 17:35:00 ----A---- C:\Windows\system32\nvdispgenco32.dll
2012-11-09 17:35:00 ----A---- C:\Windows\system32\nvdispco32.dll
2012-11-09 17:35:00 ----A---- C:\Windows\system32\nvd3dum.dll
2012-11-09 17:35:00 ----A---- C:\Windows\system32\nvapi.dll
2012-11-09 13:19:35 ----A---- C:\Windows\system32\nvcpl.dll
2012-11-09 13:19:23 ----A---- C:\Windows\system32\nvsvc.dll
2012-11-09 13:19:14 ----A---- C:\Windows\system32\nvsvcr.dll
2012-11-09 13:19:14 ----A---- C:\Windows\system32\nvmctray.dll
2012-11-09 13:19:13 ----A---- C:\Windows\system32\nvvsvc.exe
2012-11-09 13:19:13 ----A---- C:\Windows\system32\nvshext.dll
2012-11-08 12:21:22 ----D---- C:\Windows\AppPatch
2012-11-07 14:22:02 ----D---- C:\Program Files\Electronic Arts
2012-11-02 09:11:20 ----D---- C:\ProgramData\Origin
2012-10-31 14:21:21 ----HD---- C:\Program Files\Common Files\EAInstaller
2012-10-31 13:27:59 ----D---- C:\Users\Michal\AppData\Roaming\Origin
2012-10-31 13:27:45 ----D---- C:\Program Files\Origin

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel RAID Controller; C:\Windows\system32\drivers\iastor.sys [2008-12-04 328728]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2012-08-30 193552]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-11-29 443448]
R1 MpKsl49f6d304;MpKsl49f6d304; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C4380D33-8F2A-4B78-BFCA-FC6463AE06AF}\MpKsl49f6d304.sys [2012-11-26 29904]
R2 acedrv11;acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys [2008-07-30 277736]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2008-08-02 271360]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2008-08-02 18048]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 99272]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-29 232512]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture; C:\Windows\system32\drivers\HCW85BDA.sys [2007-10-01 1129344]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-10-25 2015192]
R3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista; C:\Windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2012-11-09 9364840]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-08-03 91648]
R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys [2009-07-14 92672]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2009-07-14 132224]
S1 ASPI32;ASPI32; C:\Windows\system32\drivers\ASPI32.sys []
S3 aapvivn8;aapvivn8; C:\Windows\system32\drivers\aapvivn8.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-11-21 47360]
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bandoo Coordinator;Bandoo Coordinator; C:\PROGRA~1\Bandoo\Bandoo.exe [2011-01-13 1960336]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 HPBtnSrv;HP Chasis Button Service; c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
R2 hpzstatn;Printer Status Server; C:\Windows\system32\spool\drivers\w32x86\hpzstatn.exe [2000-06-21 503296]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-07-12 354840]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-09-25 79136]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-09-12 20472]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-11-09 645480]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-11-09 1259880]
R2 PanService;PandoraService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [2012-05-14 624856]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2012-11-20 75136]
R2 SearchIndexer;Search Indexer; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2012-09-12 287824]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-01-04 718888]
R3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2012-11-26 529744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-11 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-11 250808]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-11 136176]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-10-11 194032]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetMsmqActivator;@%SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-02-18 129880]
S4 NetPipeActivator;@%SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-02-18 129880]
S4 NetTcpActivator;@%SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-02-18 129880]

-----------------EOF-----------------

#4 Příspěvek od **vyosek** » 26 lis 2012 16:30

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Search
Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte

Michaelus · #5 Příspěvek od **Michaelus** » 26 lis 2012 16:36

Log:

# AdwCleaner v2.009 - Logfile created 11/26/2012 at 16:34:39
# Updated 24/11/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Michal - MICHAL-PC
# Boot Mode : Normal
# Running from : C:\Users\Michal\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

Found : Bandoo Coordinator
Found : ICQ Service

***** [Files / Folders] *****

Folder Found : C:\Program Files\Bandoo
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\DAEMON Tools Toolbar
Folder Found : C:\Program Files\free-downloads.net
Folder Found : C:\Program Files\FunWebProducts
Folder Found : C:\Program Files\ICQ6Toolbar
Folder Found : C:\Program Files\Movier-media
Folder Found : C:\Program Files\MyAshampoo
Folder Found : C:\Program Files\uTorrentControl2
Folder Found : C:\Program Files\Windows Searchqu Toolbar
Folder Found : C:\ProgramData\APN
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Bandoo
Folder Found : C:\ProgramData\ICQ\ICQToolbar
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandoo
Folder Found : C:\Users\Michal\AppData\Local\Conduit
Folder Found : C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Folder Found : C:\Users\Michal\AppData\Local\Temp\Software
Folder Found : C:\Users\Michal\AppData\LocalLow\Conduit
Folder Found : C:\Users\Michal\AppData\LocalLow\free-downloads.net
Folder Found : C:\Users\Michal\AppData\LocalLow\Movier-media
Folder Found : C:\Users\Michal\AppData\LocalLow\MyAshampoo
Folder Found : C:\Users\Michal\AppData\LocalLow\SearchquTB
Folder Found : C:\Users\Michal\AppData\LocalLow\uTorrentControl2
Folder Found : C:\Users\Michal\AppData\Roaming\Babylon
Folder Found : C:\Users\Michal\AppData\Roaming\Bandoo

***** [Registry] *****

Data Found : HKLM\..\Windows [AppInit_DLLs] = toolbar\datamngr\datamngr.dll
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\free-downloads.net
Key Found : HKCU\Software\AppDataLow\Software\Movier-media
Key Found : HKCU\Software\AppDataLow\Software\MyAshampoo
Key Found : HKCU\Software\AppDataLow\Software\searchqutb
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\uTorrentControl2
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\free-downloads.net Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Movier-media Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyAshampoo Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentControl2 Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{12C5F950-52F0-4C3C-A3BE-3CAF889C0A78}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CE10BF86-DA68-441E-91FA-38336363E3CD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ECDEE021-0D17-467F-A1FF-C7A115230949}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE10BF86-DA68-441E-91FA-38336363E3CD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ECDEE021-0D17-467F-A1FF-C7A115230949}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\Bandoo
Key Found : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCoordinator.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Key Found : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL
Key Found : HKLM\SOFTWARE\Classes\BandooCoordinator.BandooCoordinator
Key Found : HKLM\SOFTWARE\Classes\BandooCoordinator.BandooCoordinator.1
Key Found : HKLM\SOFTWARE\Classes\BandooCoordinator.CoordinatorUI
Key Found : HKLM\SOFTWARE\Classes\BandooCoordinator.CoordinatorUI.1
Key Found : HKLM\SOFTWARE\Classes\BandooCoordinator.hxxpAsyncResult
Key Found : HKLM\SOFTWARE\Classes\BandooCoordinator.hxxpAsyncResult.1
Key Found : HKLM\SOFTWARE\Classes\BandooCoordinator.PlugInNotifier
Key Found : HKLM\SOFTWARE\Classes\BandooCoordinator.PlugInNotifier.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooIEPlugin.BandooIEPlugin
Key Found : HKLM\SOFTWARE\Classes\BandooIEPlugin.BandooIEPlugin.1
Key Found : HKLM\SOFTWARE\Classes\BFlashAnimator.BFlashAnimatorCtrl
Key Found : HKLM\SOFTWARE\Classes\BFlashAnimator.BFlashAnimatorCtrl.1
Key Found : HKLM\SOFTWARE\Classes\BGIFAnimator.BGIFAnimatorCtrl
Key Found : HKLM\SOFTWARE\Classes\BGIFAnimator.BGIFAnimatorCtrl.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{074E4EFE-81BB-4EA4-866E-082CB0E01070}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0CE5B352-9D9C-41E1-9551-FCCD92820217}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{12C5F950-52F0-4C3C-A3BE-3CAF889C0A78}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{167B2B5F-2757-434A-BBDA-2FDB2003F14F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CE10BF86-DA68-441E-91FA-38336363E3CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E8A5301B-B8A1-433B-B7B9-3872B95CBAF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ECDEE021-0D17-467F-A1FF-C7A115230949}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F9A09076-E33C-4EEC-822E-F8198DAAA017}
Key Found : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Found : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Key Found : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{01222E21-6BD0-4EB3-94F1-967EB09CCED5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2186473
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\free-downloads.net
Key Found : HKLM\Software\FunWebProducts
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95D40741-CE4C-446E-BAC6-F4308A58BA4B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC9AC6CE-856C-4A3E-B8BA-8CBE478F90DF}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE10BF86-DA68-441E-91FA-38336363E3CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ECDEE021-0D17-467F-A1FF-C7A115230949}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E8A5301B-B8A1-433B-B7B9-3872B95CBAF7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F9A09076-E33C-4EEC-822E-F8198DAAA017}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bandoo
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\free-downloads.net Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Movier-media Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyAshampoo Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Key Found : HKLM\Software\Movier-media
Key Found : HKLM\Software\MyAshampoo
Key Found : HKLM\Software\SearchquMediabarTb
Key Found : HKLM\Software\uTorrentControl2
Key Found : HKU\S-1-5-21-2196742219-2737495621-1387259624-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-2196742219-2737495621-1387259624-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{ECDEE021-0D17-467F-A1FF-C7A115230949}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CE10BF86-DA68-441E-91FA-38336363E3CD}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{ECDEE021-0D17-467F-A1FF-C7A115230949}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CE10BF86-DA68-441E-91FA-38336363E3CD}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{ECDEE021-0D17-467F-A1FF-C7A115230949}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CE10BF86-DA68-441E-91FA-38336363E3CD}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{ECDEE021-0D17-467F-A1FF-C7A115230949}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.8] : homepage = "hxxp://search.babylon.com/?affID=114336&tt=4712_5&babsrc=HP_ss&mntrId=c2e0e92600000000000000164480f94d",
Found [l.12] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=114336&tt=4712_5&babsrc=HP_ss&mntrId=c2e0e92600000000000000164480f94d" ]
Found [l.1371] : homepage = "hxxp://search.babylon.com/?affID=114336&tt=4712_5&babsrc=HP_ss&mntrId=c2e0e92600000000000000164480f94d",
Found [l.1558] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=114336&tt=4712_5&babsrc=HP_ss&mntrId=c2e0e92600000000000000164480f94d" ]

*************************

AdwCleaner[R1].txt - [13526 octets] - [26/11/2012 16:34:39]

########## EOF - C:\AdwCleaner[R1].txt - [13587 octets] ##########

#6 Příspěvek od **vyosek** » 26 lis 2012 16:51

Spustte znovu AdwCleaner

Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
Kliknete na Delete
PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem

Michaelus · #7 Příspěvek od **Michaelus** » 26 lis 2012 17:03

tak jsem tady, přikládám log

# AdwCleaner v2.009 - Logfile created 11/26/2012 at 16:55:02
# Updated 24/11/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Michal - MICHAL-PC
# Boot Mode : Normal
# Running from : C:\Users\Michal\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : Bandoo Coordinator
Stopped & Deleted : ICQ Service

***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Bandoo
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files\free-downloads.net
Folder Deleted : C:\Program Files\FunWebProducts
Folder Deleted : C:\Program Files\ICQ6Toolbar
Folder Deleted : C:\Program Files\Movier-media
Folder Deleted : C:\Program Files\MyAshampoo
Folder Deleted : C:\Program Files\uTorrentControl2
Folder Deleted : C:\Program Files\Windows Searchqu Toolbar
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Bandoo
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandoo
Folder Deleted : C:\Users\Michal\AppData\Local\Conduit
Folder Deleted : C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Folder Deleted : C:\Users\Michal\AppData\Local\Temp\Software
Folder Deleted : C:\Users\Michal\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Michal\AppData\LocalLow\free-downloads.net
Folder Deleted : C:\Users\Michal\AppData\LocalLow\Movier-media
Folder Deleted : C:\Users\Michal\AppData\LocalLow\MyAshampoo
Folder Deleted : C:\Users\Michal\AppData\LocalLow\SearchquTB
Folder Deleted : C:\Users\Michal\AppData\LocalLow\uTorrentControl2
Folder Deleted : C:\Users\Michal\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Michal\AppData\Roaming\Bandoo

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = toolbar\datamngr\datamngr.dll
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\free-downloads.net
Key Deleted : HKCU\Software\AppDataLow\Software\Movier-media
Key Deleted : HKCU\Software\AppDataLow\Software\MyAshampoo
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutb
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl2
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\free-downloads.net Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Movier-media Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyAshampoo Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentControl2 Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{12C5F950-52F0-4C3C-A3BE-3CAF889C0A78}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CE10BF86-DA68-441E-91FA-38336363E3CD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ECDEE021-0D17-467F-A1FF-C7A115230949}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE10BF86-DA68-441E-91FA-38336363E3CD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ECDEE021-0D17-467F-A1FF-C7A115230949}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Bandoo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCoordinator.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL
Key Deleted : HKLM\SOFTWARE\Classes\BandooCoordinator.BandooCoordinator
Key Deleted : HKLM\SOFTWARE\Classes\BandooCoordinator.BandooCoordinator.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCoordinator.CoordinatorUI
Key Deleted : HKLM\SOFTWARE\Classes\BandooCoordinator.CoordinatorUI.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCoordinator.hxxpAsyncResult
Key Deleted : HKLM\SOFTWARE\Classes\BandooCoordinator.hxxpAsyncResult.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCoordinator.PlugInNotifier
Key Deleted : HKLM\SOFTWARE\Classes\BandooCoordinator.PlugInNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooIEPlugin.BandooIEPlugin
Key Deleted : HKLM\SOFTWARE\Classes\BandooIEPlugin.BandooIEPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\BFlashAnimator.BFlashAnimatorCtrl
Key Deleted : HKLM\SOFTWARE\Classes\BFlashAnimator.BFlashAnimatorCtrl.1
Key Deleted : HKLM\SOFTWARE\Classes\BGIFAnimator.BGIFAnimatorCtrl
Key Deleted : HKLM\SOFTWARE\Classes\BGIFAnimator.BGIFAnimatorCtrl.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{074E4EFE-81BB-4EA4-866E-082CB0E01070}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0CE5B352-9D9C-41E1-9551-FCCD92820217}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{12C5F950-52F0-4C3C-A3BE-3CAF889C0A78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{167B2B5F-2757-434A-BBDA-2FDB2003F14F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CE10BF86-DA68-441E-91FA-38336363E3CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E8A5301B-B8A1-433B-B7B9-3872B95CBAF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ECDEE021-0D17-467F-A1FF-C7A115230949}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9A09076-E33C-4EEC-822E-F8198DAAA017}
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Key Deleted : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01222E21-6BD0-4EB3-94F1-967EB09CCED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2186473
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\free-downloads.net
Key Deleted : HKLM\Software\FunWebProducts
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95D40741-CE4C-446E-BAC6-F4308A58BA4B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC9AC6CE-856C-4A3E-B8BA-8CBE478F90DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE10BF86-DA68-441E-91FA-38336363E3CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ECDEE021-0D17-467F-A1FF-C7A115230949}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E8A5301B-B8A1-433B-B7B9-3872B95CBAF7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F9A09076-E33C-4EEC-822E-F8198DAAA017}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bandoo
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\free-downloads.net Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Movier-media Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyAshampoo Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Key Deleted : HKLM\Software\Movier-media
Key Deleted : HKLM\Software\MyAshampoo
Key Deleted : HKLM\Software\SearchquMediabarTb
Key Deleted : HKLM\Software\uTorrentControl2
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{ECDEE021-0D17-467F-A1FF-C7A115230949}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CE10BF86-DA68-441E-91FA-38336363E3CD}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{ECDEE021-0D17-467F-A1FF-C7A115230949}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CE10BF86-DA68-441E-91FA-38336363E3CD}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{ECDEE021-0D17-467F-A1FF-C7A115230949}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CE10BF86-DA68-441E-91FA-38336363E3CD}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{ECDEE021-0D17-467F-A1FF-C7A115230949}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.8] : homepage = "hxxp://search.babylon.com/?affID=114336&tt=4712_5&babsrc=HP_ss&mntrId=c2e0e926000[...]
Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=114336&tt=4712_5&babsrc=H[...]
Deleted [l.1371] : homepage = "hxxp://search.babylon.com/?affID=114336&tt=4712_5&babsrc=HP_ss&mntrId=c2e0e926000000[...]
Deleted [l.1558] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=114336&tt=4712_5&babsrc=HP_s[...]

*************************

AdwCleaner[R1].txt - [13657 octets] - [26/11/2012 16:34:39]
AdwCleaner[S1].txt - [13546 octets] - [26/11/2012 16:55:02]

########## EOF - C:\AdwCleaner[S1].txt - [13607 octets] ##########

#8 Příspěvek od **vyosek** » 26 lis 2012 17:05

Dejte log z DDS http://forum.viry.cz/viewtopic.php?f=13&t=125171

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Na plose vznikne log Rkill.txt ten mi sem vlozte
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Michaelus · #9 Příspěvek od **Michaelus** » 26 lis 2012 17:17

Prozatím vkládám DDS

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16455
Run by Michal at 17:09:46 on 2012-11-26
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3326.1747 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\jureg.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\schtasks.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\DAEMON Tools Pro\DTAgent.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\ehome\ehmsas.exe
c:\hp\HPEZBTN\HPBtnSrv.exe
C:\Windows\system32\spool\drivers\w32x86\hpzstatn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\iashost.exe
C:\Windows\system32\WUDFHost.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_cz&c=81&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_cz&c=81&bd=Pavilion&pf=desktop
uURLSearchHooks: ICQToolBar: {855F3B16-6D32-4fe6-8A56-BBB695989046} -
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
mURLSearchHooks: ICQToolBar: {855F3B16-6D32-4fe6-8A56-BBB695989046} -
mURLSearchHooks: <No Name>: - LocalServer32 - <no file>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Searchqu Toolbar: {7FF99715-3016-4381-84CE-E4E4C9673020} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - LocalServer32 - <no file>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: BandooIEPlugin Class: {EB5CEE80-030A-4ED8-8E20-454E9C68380F} -
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} -
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} -
TB: Searchqu Toolbar: {7FF99715-3016-4381-84CE-E4E4C9673020} -
TB: ICQToolBar: {855F3B16-6D32-4FE6-8A56-BBB695989046} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - LocalServer32 - <no file>
EB: ICQToolBar: {855F3B16-6D32-4FE6-8A56-BBB695989046} -
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [EPSON Stylus DX8400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticee.exe /fu "c:\windows\temp\E_SAA04.tmp" /EF "HKCU"
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [Windows® NetMeeting] c:\users\michal\appdata\roaming\netmeeting\ca32.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTAgent.exe" -autorun
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [hpfsched] c:\windows\hpfsched.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [WindowsUpdate] c:\windows\system32\win32.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NSU_agent] "c:\program files\nokia\nokia software updater\nsu3ui_agent.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10p_ActiveX.exe -update activex
StartupFolder: c:\users\michal\appdata\roaming\micros~1\windows\startm~1\programs\startup\regist~1.lnk - c:\program files\ubisoft\assassin's creed\register\RegistrationReminder.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\icq7.5\ICQ.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/s ... ab_nvd.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/n ... rtScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{32172FAA-7755-47CD-81D4-DEB6EDB72D70} : NameServer = 192.168.53.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~1\windows searchqu c:\progra~1\bandoo\bndhook.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {F36249D5-6DAD-8198-3098-43CDAEE6AF96} - c:\windows\system32\win32.exe
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 MpKsl87513c11;MpKsl87513c11;c:\programdata\microsoft\microsoft antimalware\definition updates\{c4380d33-8f2a-4b78-bfca-fc6463ae06af}\MpKsl87513c11.sys [2012-11-26 29904]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-7-30 277736]
R2 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-8-18 21504]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\hpezbtn\HPBtnSrv.exe [2007-12-27 198240]
R2 hpzstatn;Printer Status Server;c:\windows\system32\spool\drivers\w32x86\hpzstatn.exe [2000-6-21 503296]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 99272]
R2 PanService;PandoraService;c:\program files\pandora.tv\panservice\PandoraService.exe [2012-5-14 624856]
R2 SearchIndexer;Search Indexer;c:\windows\system32\svchost.exe -k netsvcs [2008-8-18 21504]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-11-29 232512]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2007-12-27 1129344]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2008-2-26 493568]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .ini: inifile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2012-11-26 16:00:48 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c4380d33-8f2a-4b78-bfca-fc6463ae06af}\MpKsl87513c11.sys
2012-11-26 14:41:40 -------- d-----w- c:\program files\trend micro
2012-11-26 14:03:19 -------- d-----w- c:\program files\SQUARE ENIX
2012-11-26 13:59:19 -------- d-----w- c:\program files\Steam
2012-11-25 11:56:44 -------- d-----w- c:\windows\system32\wbem\Logs
2012-11-25 10:53:56 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c4380d33-8f2a-4b78-bfca-fc6463ae06af}\mpengine.dll
2012-11-25 10:38:52 270848 ----a-w- c:\windows\system32\igfxupdate.exe
2012-11-25 10:38:39 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-11-24 17:49:15 -------- d-----w- c:\users\michal\.VirtualBox
2012-11-24 17:47:51 -------- d-----w- c:\program files\Oracle
2012-11-23 14:39:10 -------- d-----w- c:\windows\Downloaded Program Files
2012-11-22 21:25:04 -------- d-----w- c:\windows\048298C9A4D3490B9FF9AB023A9238F3.TMP
2012-11-22 20:16:58 -------- d-----w- c:\users\michal\appdata\roaming\ParetoLogic
2012-11-22 20:16:58 -------- d-----w- c:\users\michal\appdata\roaming\DriverCure
2012-11-22 20:16:53 -------- d-----w- c:\program files\common files\ParetoLogic
2012-11-22 20:16:52 -------- d-----w- c:\programdata\ParetoLogic
2012-11-22 20:16:52 -------- d-----w- c:\program files\ParetoLogic
2012-11-22 19:18:47 -------- d-----w- c:\users\michal\{9ecffe79-742a-4793-8eab-c802973f1e18}
2012-11-22 19:18:23 20335464 ----a-w- c:\windows\system32\nvoglv32.dll
2012-11-22 19:18:23 1874280 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-11-22 19:18:23 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-11-22 19:18:22 9364840 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-11-22 19:18:22 7818504 ----a-w- c:\windows\system32\nvcuda.dll
2012-11-22 19:18:22 6149904 ----a-w- c:\windows\system32\nvopencl.dll
2012-11-22 19:18:22 2606440 ----a-w- c:\windows\system32\nvcuvid.dll
2012-11-22 19:15:46 -------- d-----w- c:\windows\cs
2012-11-22 19:14:14 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-11-22 19:12:10 89944 ----a-w- c:\program files\common files\windows live\.cache\45572fc31cdc8e506\DSETUP.dll
2012-11-22 19:12:10 537432 ----a-w- c:\program files\common files\windows live\.cache\45572fc31cdc8e506\DXSETUP.exe
2012-11-22 19:12:10 1801048 ----a-w- c:\program files\common files\windows live\.cache\45572fc31cdc8e506\dsetup32.dll
2012-11-22 19:12:03 525656 ----a-w- c:\program files\common files\windows live\.cache\405fabf31cdc8e505\DXSETUP.exe
2012-11-22 19:12:02 94040 ----a-w- c:\program files\common files\windows live\.cache\405fabf31cdc8e505\DSETUP.dll
2012-11-22 19:12:02 1691480 ----a-w- c:\program files\common files\windows live\.cache\405fabf31cdc8e505\dsetup32.dll
2012-11-22 19:11:06 -------- d-----w- c:\users\michal\appdata\local\Windows Live
2012-11-22 19:11:06 -------- d-----w- c:\program files\common files\Windows Live
2012-11-22 19:10:22 754688 ----a-w- c:\windows\system32\webservices.dll
2012-11-22 19:02:46 410112 ----a-w- c:\windows\system32\taskhost.rs
2012-11-22 19:02:46 270848 ----a-w- c:\windows\system32\SearchEngine.rs
2012-11-22 19:02:45 371712 ----a-w- c:\windows\system32\SearchIndexer.dll
2012-11-22 19:02:40 -------- d-----w- c:\windows\system32\update
2012-11-22 16:06:35 -------- d-----w- c:\users\michal\appdata\roaming\GlarySoft
2012-11-22 15:53:53 -------- d-----w- c:\programdata\Iomatic
2012-11-22 14:54:26 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2012-11-22 14:52:08 -------- d-----w- c:\users\michal\appdata\roaming\PC Cleaners
2012-11-22 14:52:07 4589880 ----a-w- c:\windows\uninst.exe
2012-11-22 14:52:03 -------- d-----w- c:\users\michal\appdata\roaming\PCPro
2012-11-22 14:52:03 -------- d-----w- c:\programdata\PC1Data
2012-11-20 18:32:57 -------- d-----w- c:\users\michal\appdata\roaming\Theta
2012-11-19 11:47:54 -------- d-sh--w- c:\users\michal\Drivers
2012-11-16 18:44:08 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-16 18:44:07 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-11-16 18:09:59 2032 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2012-11-08 11:20:57 -------- d-----w- c:\users\michal\appdata\local\ElevatedDiagnostics
.
==================== Find3M ====================
.
2012-11-20 09:46:41 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-11-20 09:46:32 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-11-09 16:35:00 889192 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-11-09 16:35:00 2496976 ----a-w- c:\windows\system32\nvapi.dll
2012-11-09 16:35:00 15117136 ----a-w- c:\windows\system32\nvd3dum.dll
2012-11-09 16:35:00 12541648 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-11-09 16:35:00 1011048 ----a-w- c:\windows\system32\nvdispco32.dll
2012-11-09 12:19:35 3984744 ----a-w- c:\windows\system32\nvcpl.dll
2012-11-09 12:19:23 2869608 ----a-w- c:\windows\system32\nvsvc.dll
2012-11-09 12:19:14 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-11-09 12:19:14 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-11-09 12:19:13 645480 ----a-w- c:\windows\system32\nvvsvc.exe
2012-11-09 12:19:13 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-10-11 07:49:44 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-11 07:49:43 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-13 13:28:08 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-03 19:38:04 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2012-09-03 19:38:04 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2012-08-30 20:03:50 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 20:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 13:46:44 65536 ----a-w- c:\windows\system32\frapsvid.dll
2012-08-29 11:27:41 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27:41 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
.
============= FINISH: 17:13:55,40 ===============

Michaelus · #10 Příspěvek od **Michaelus** » 26 lis 2012 17:22

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/26/2012 05:21:35 PM in x86 mode.
Windows Version: Windows Vista (TM) Home Premium Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\system32\spool\drivers\w32x86\hpzstatn.exe (PID: 3316) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost

Program finished at: 11/26/2012 05:21:50 PM
Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)

Michaelus · #11 Příspěvek od **Michaelus** » 26 lis 2012 17:39

tak dokončeno, zde přikládám log

ComboFix 12-11-26.02 - Michal 26.11.2012 17:25:51.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3326.1937 [GMT 1:00]
Spuštěný z: c:\users\Michal\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\page
c:\programdata\page\page.ico
c:\programdata\page\page.URL
c:\users\Michal\AppData\Roaming\cglogs.dat
c:\users\Michal\AppData\Roaming\chrtmp
c:\users\Michal\AppData\Roaming\vso_ts_preview.xml
c:\windows\iun6002.exe
c:\windows\system32\delete.bat
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\jucheck.exe
c:\windows\system32\jusched.exe
c:\windows\system32\tmp1F3.tmp
c:\windows\system32\tmp3CAF.tmp
c:\windows\system32\tmp3CCF.tmp
c:\windows\system32\tmp4C2.tmp
c:\windows\system32\tmp96E3.tmp
c:\windows\system32\tmp978F.tmp
c:\windows\system32\tmpD56D.tmp
c:\windows\system32\tmpD58D.tmp
c:\windows\system32\update\diablo121016.cl
c:\windows\system32\update\diakgcn121016.cl
c:\windows\system32\update\igfxupdate.exe
c:\windows\system32\update\libcurl-4.dll
c:\windows\system32\update\libeay32.dll
c:\windows\system32\update\libidn-11.dll
c:\windows\system32\update\libusb-1.0.dll
c:\windows\system32\update\phatk121016.cl
c:\windows\system32\update\poclbm121016.cl
c:\windows\system32\update\poclbm121016GeForce 8800 GTv1w256l4.bin
c:\windows\system32\update\pthreadGC2.dll
c:\windows\system32\update\scrypt121016.cl
c:\windows\system32\update\ssleay32.dll
c:\windows\system32\update\zlib1.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\win32.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-26 do 2012-11-26 )))))))))))))))))))))))))))))))
.
.
2012-11-26 16:34 . 2012-11-26 16:34 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-26 16:34 . 2012-11-26 16:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-26 16:15 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3782151E-257F-4074-AC3E-B869368F4317}\mpengine.dll
2012-11-26 14:41 . 2012-11-26 14:41 -------- d-----w- c:\program files\trend micro
2012-11-26 14:41 . 2012-11-26 14:51 -------- d-----w- C:\rsit
2012-11-26 14:03 . 2012-11-26 14:03 -------- d-----w- c:\program files\SQUARE ENIX
2012-11-26 13:59 . 2012-11-26 16:01 -------- d-----w- c:\program files\Steam
2012-11-25 11:56 . 2012-11-26 14:01 -------- d-----w- c:\windows\system32\wbem\Logs
2012-11-25 10:53 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-25 10:38 . 2012-11-22 20:54 270848 ----a-w- c:\windows\system32\igfxupdate.exe
2012-11-24 17:49 . 2012-11-25 11:37 -------- d-----w- c:\users\Michal\.VirtualBox
2012-11-24 17:47 . 2012-11-26 13:58 -------- d-----w- c:\program files\Oracle
2012-11-23 14:39 . 2012-11-23 14:39 -------- d-----w- c:\windows\Downloaded Program Files
2012-11-22 21:25 . 2012-11-25 10:36 -------- d-----w- c:\windows\048298C9A4D3490B9FF9AB023A9238F3.TMP
2012-11-22 20:34 . 2012-11-22 20:51 -------- d-----w- c:\windows\Debug
2012-11-22 20:16 . 2012-11-22 20:16 -------- d-----w- c:\users\Michal\AppData\Roaming\ParetoLogic
2012-11-22 20:16 . 2012-11-22 20:16 -------- d-----w- c:\users\Michal\AppData\Roaming\DriverCure
2012-11-22 20:16 . 2012-11-22 20:16 -------- d-----w- c:\program files\Common Files\ParetoLogic
2012-11-22 20:16 . 2012-11-22 20:16 -------- d-----w- c:\programdata\ParetoLogic
2012-11-22 20:16 . 2012-11-22 20:16 -------- d-----w- c:\program files\ParetoLogic
2012-11-22 19:18 . 2012-11-22 19:19 -------- d-----w- c:\users\Michal\{9ecffe79-742a-4793-8eab-c802973f1e18}
2012-11-22 19:18 . 2012-11-09 16:35 20335464 ----a-w- c:\windows\system32\nvoglv32.dll
2012-11-22 19:18 . 2012-11-09 16:35 1874280 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-11-22 19:18 . 2012-11-09 16:35 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-11-22 19:18 . 2012-11-09 16:35 9364840 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-11-22 19:18 . 2012-11-09 16:35 7818504 ----a-w- c:\windows\system32\nvcuda.dll
2012-11-22 19:18 . 2012-11-09 16:35 6149904 ----a-w- c:\windows\system32\nvopencl.dll
2012-11-22 19:18 . 2012-11-09 16:35 2606440 ----a-w- c:\windows\system32\nvcuvid.dll
2012-11-22 19:15 . 2012-11-22 19:15 -------- d-----w- c:\windows\cs
2012-11-22 19:14 . 2012-11-22 19:14 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-11-22 19:12 . 2012-11-22 19:13 -------- d-----w- c:\program files\Windows Live
2012-11-22 19:11 . 2012-11-22 19:11 -------- d-----w- c:\users\Michal\AppData\Local\Windows Live
2012-11-22 19:11 . 2012-11-22 19:11 -------- d-----w- c:\program files\Common Files\Windows Live
2012-11-22 19:10 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2012-11-22 19:02 . 2012-11-22 20:54 410112 ----a-w- c:\windows\system32\taskhost.rs
2012-11-22 19:02 . 2012-11-22 20:54 270848 ----a-w- c:\windows\system32\SearchEngine.rs
2012-11-22 19:02 . 2012-11-22 19:36 371712 ----a-w- c:\windows\system32\SearchIndexer.dll
2012-11-22 19:02 . 2012-11-26 16:33 -------- d-----w- c:\windows\system32\update
2012-11-22 16:06 . 2012-11-22 16:26 -------- d-----w- c:\users\Michal\AppData\Roaming\GlarySoft
2012-11-22 15:53 . 2012-11-22 15:53 -------- d-----w- c:\programdata\Iomatic
2012-11-22 14:54 . 2012-11-22 14:54 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2012-11-22 14:52 . 2012-11-22 20:30 -------- d-----w- c:\users\Michal\AppData\Roaming\PC Cleaners
2012-11-22 14:52 . 2012-11-22 14:51 4589880 ----a-w- c:\windows\uninst.exe
2012-11-22 14:52 . 2012-11-22 14:52 -------- d-----w- c:\users\Michal\AppData\Roaming\PCPro
2012-11-22 14:52 . 2012-11-22 14:52 -------- d-----w- c:\programdata\PC1Data
2012-11-22 14:30 . 2012-11-22 14:30 -------- d-----w- c:\windows\Sun
2012-11-20 18:32 . 2012-11-20 18:32 -------- d-----w- c:\users\Michal\AppData\Roaming\Theta
2012-11-19 11:47 . 2012-11-20 10:35 -------- d-sh--w- c:\users\Michal\Drivers
2012-11-19 07:27 . 2012-11-20 09:46 -------- d-----w- c:\program files\Ubisoft
2012-11-16 18:44 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-16 18:44 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-11-16 18:09 . 2012-11-16 18:09 2032 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2012-11-14 13:48 . 2012-11-22 20:30 -------- d-----w- c:\users\Michal\AppData\Roaming\Sony
2012-11-08 11:20 . 2012-11-08 11:20 -------- d-----w- c:\users\Michal\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-22 19:12 . 2009-08-18 10:24 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-11-20 09:46 . 2009-05-28 11:09 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-11-20 09:46 . 2009-05-28 11:09 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-11-09 16:35 . 2012-10-10 20:14 889192 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-11-09 16:35 . 2011-09-29 18:49 1011048 ----a-w- c:\windows\system32\nvdispco32.dll
2012-11-09 16:35 . 2010-02-26 12:01 12541648 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-11-09 16:35 . 2007-12-27 18:41 2496976 ----a-w- c:\windows\system32\nvapi.dll
2012-11-09 16:35 . 2007-12-27 18:41 15117136 ----a-w- c:\windows\system32\nvd3dum.dll
2012-11-09 12:19 . 2010-01-11 21:18 3984744 ----a-w- c:\windows\system32\nvcpl.dll
2012-11-09 12:19 . 2010-01-11 21:18 2869608 ----a-w- c:\windows\system32\nvsvc.dll
2012-11-09 12:19 . 2010-01-11 21:18 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-11-09 12:19 . 2010-01-11 21:18 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-11-09 12:19 . 2010-01-11 21:18 645480 ----a-w- c:\windows\system32\nvvsvc.exe
2012-11-09 12:19 . 2010-01-11 21:18 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-10-11 07:49 . 2012-10-11 07:49 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-11 07:49 . 2012-10-11 07:49 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-28 06:51 . 2012-10-20 10:13 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B3AAC6D-B85B-4839-8901-EC36BC58C43E}\gapaengine.dll
2012-09-28 06:51 . 2011-03-26 11:33 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-13 13:28 . 2012-10-10 19:01 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-03 19:38 . 2008-08-29 13:52 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2012-09-03 19:38 . 2008-08-29 13:52 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2012-08-30 20:03 . 2012-08-30 20:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2010-10-24 20:25 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 13:46 . 2012-08-30 13:46 65536 ----a-w- c:\windows\system32\frapsvid.dll
2012-08-29 11:27 . 2012-10-10 19:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27 . 2012-10-10 19:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"Windows® NetMeeting"="c:\users\Michal\AppData\Roaming\NetMeeting\ca32.exe" [2010-04-05 0]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-11-22 968592]
"Steam"="c:\program files\Steam\Steam.exe" [2012-11-26 1353080]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2011-08-17 4527424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 4702208]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2009-10-09 55072]
"hpfsched"="c:\windows\hpfsched.exe" [2000-06-21 36864]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-18 202256]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2012-02-28 190768]
.
c:\users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Registration Assassin.LNK - c:\program files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
SearchIndexer
SearchIndexer
SearchIndexer
SearchIndexer
SearchIndexer
SearchIndexer
SearchIndexer
SearchIndexer
SearchIndexer
SearchIndexer
SearchIndexer
SearchIndexer
SearchIndexer
SearchIndexer
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-11 07:49]
.
2012-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-11 07:49]
.
2012-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-11 07:49]
.
2012-11-25 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-11-25 02:25]
.
2012-11-22 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-11-25 02:25]
.
2012-11-22 c:\windows\Tasks\RegCure Pro.job
- c:\program files\ParetoLogic\RegCure Pro\RegCurePro.exe [2012-11-22 11:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_cz&c=81&bd=Pavilion&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: Interfaces\{32172FAA-7755-47CD-81D4-DEB6EDB72D70}: NameServer = 192.168.53.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
HKLM_ActiveSetup-{F36249D5-6DAD-8198-3098-43CDAEE6AF96} - c:\windows\system32\win32.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-26 17:34
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"=hex:51,66,7a,6c,4c,1d,38,12,4f,e3,cd,
e8,25,43,11,03,de,e9,84,e1,10,7d,4d,5d
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=hex:51,66,7a,6c,4c,1d,38,12,c2,99,1a,
36,00,8f,58,04,e1,8c,0d,76,4f,1c,0a,03
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"=hex:51,66,7a,6c,4c,1d,38,12,60,59,f4,
a5,a5,0d,c6,0e,c4,46,a2,df,b3,36,d4,e0
"{7FF99715-3016-4381-84CE-E4E4C9673020}"=hex:51,66,7a,6c,4c,1d,38,12,7b,94,ea,
7b,24,7e,ef,06,fb,d8,a7,a4,cc,39,74,34
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"=hex:51,66,7a,6c,4c,1d,38,12,78,38,4c,
81,00,23,88,0a,f5,40,f8,f6,90,c6,d4,52
"{CE10BF86-DA68-441E-91FA-38336363E3CD}"=hex:51,66,7a,6c,4c,1d,38,12,e8,bc,03,
ca,5a,94,70,01,ee,ec,7b,73,66,3d,a7,d9
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"=hex:51,66,7a,6c,4c,1d,38,12,f1,9d,97,
02,e5,86,37,08,c7,6b,3b,0b,78,35,a4,a7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{EB5CEE80-030A-4ED8-8E20-454E9C68380F}"=hex:51,66,7a,6c,4c,1d,38,12,ee,ed,4f,
ef,38,4d,b6,0b,f1,36,06,0e,99,36,7c,1b
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{12C5F950-52F0-4C3C-A3BE-3CAF889C0A78}"=hex:51,66,7a,6c,4c,1d,38,12,3e,fa,d6,
16,c2,1c,52,09,dc,a8,7f,ef,8d,c2,4e,6c
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d8,95,35,73,fe,ec,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,66,65,df,42,5a,7f,0b,49,85,8b,e3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,66,65,df,42,5a,7f,0b,49,85,8b,e3,\
.
[HKEY_USERS\S-1-5-21-2196742219-2737495621-1387259624-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:ea,71,ca,36,76,03,a8,6c,ea,64,10,f3,4f,2f,86,85,47,f4,53,a2,aa,3b,85,
bb,4a,c7,d8,d2,b3,69,b1,46,b4,08,19,ca,95,2d,c5,9f,83,94,0d,93,83,ba,47,b6,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
.
[HKEY_USERS\S-1-5-21-2196742219-2737495621-1387259624-1000\Software\SecuROM\License information*]
"datasecu"=hex:57,cb,e5,73,fa,1d,45,b5,1e,4d,af,dd,85,f9,3f,f6,f2,7b,f2,61,97,
4d,8e,a3,86,8a,79,33,2b,90,88,63,10,8f,ae,a6,b7,48,54,1a,47,7a,6f,f1,2d,e6,\
"rkeysecu"=hex:09,92,97,99,8e,2e,85,cc,41,78,be,21,89,0d,f8,c1
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2012-11-26 17:36:15
ComboFix-quarantined-files.txt 2012-11-26 16:36
.
Před spuštěním: Volných bajtů: 243 283 701 760
Po spuštění: Volných bajtů: 243 296 845 824
.
- - End Of File - - 8D80C268A81A67B7BB2B4C9BC6C08BBF

#12 Příspěvek od **vyosek** » 26 lis 2012 18:34

Nasledujici soubory otestujte na VirusTotalu https://www.virustotal.com/cs/

c:\windows\system32\jureg.exe
c:\users\Michal\AppData\Roaming\NetMeeting\ca32.exe
Kliknete na Choose file
Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
Kliknete na Scan It
Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
Vysledek analyzy sem vlozte (jako odkaz)

Michaelus · #13 Příspěvek od **Michaelus** » 26 lis 2012 18:47

Zde jsou odkazy

https://www.virustotal.com/file/baaf3af ... 353951819/

https://www.virustotal.com/file/e3b0c44 ... 353951906/

#14 Příspěvek od **vyosek** » 26 lis 2012 18:47

Vas log se studuje Obrázek

a pracuje se na nem Obrázek

.
Prosim o strpeni! Obrázek

#15 Příspěvek od **vyosek** » 26 lis 2012 18:53

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Collect::
c:\windows\system32\igfxupdate.exe
c:\windows\system32\jureg.exe
c:\users\Michal\AppData\Roaming\NetMeeting\ca32.exe

Folder::
c:\users\Michal\AppData\Roaming\NetMeeting

DirLook::
c:\users\Michal\{9ecffe79-742a-4793-8eab-c802973f1e18}

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"=-
"Windows® NetMeeting"=-
"uTorrent"=-
"Steam"=-
"DAEMON Tools Pro Agent"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateReg"=-
"HP Software Update"=-
"Adobe Reader Speed Launcher"=-
"TkBellExe"=-
"NSU_agent"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000

File::
c:\users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Assassin.LNK
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\ParetoLogic Registration3.job
C:\Windows\tasks\ParetoLogic Update Version3.job
C:\Windows\tasks\RegCure Pro.job

NetSvc::
SearchIndexer

Driver::
SearchIndexer
gupdate
gupdatem

DDS::
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uURLSearchHooks: ICQToolBar: {855F3B16-6D32-4fe6-8A56-BBB695989046} -
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
mURLSearchHooks: ICQToolBar: {855F3B16-6D32-4fe6-8A56-BBB695989046} -
mURLSearchHooks: <No Name>: - LocalServer32 - <no file>
BHO: Searchqu Toolbar: {7FF99715-3016-4381-84CE-E4E4C9673020} - 
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - LocalServer32 - <no file>
BHO: BandooIEPlugin Class: {EB5CEE80-030A-4ED8-8E20-454E9C68380F} -
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - 
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} -
TB: Searchqu Toolbar: {7FF99715-3016-4381-84CE-E4E4C9673020} -
TB: ICQToolBar: {855F3B16-6D32-4FE6-8A56-BBB695989046} - 
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - LocalServer32 - <no file>
EB: ICQToolBar: {855F3B16-6D32-4FE6-8A56-BBB695989046} - AppInit_DLLs= c:\progra~1\windows searchqu c:\progra~1\bandoo\bndhook.dll 
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

RegNull::
[HKEY_USERS\S-1-5-21-2196742219-2737495621-1387259624-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-2196742219-2737495621-1387259624-1000\Software\SecuROM\License information*]

ClearJavaCache::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

VIRY.CZ

CPU v klidu 100%

CPU v klidu 100%

Re: CPU v klidu 100%

Re: CPU v klidu 100%

Re: CPU v klidu 100%

Re: CPU v klidu 100%

Re: CPU v klidu 100%

Re: CPU v klidu 100%

Re: CPU v klidu 100%

Re: CPU v klidu 100%

Re: CPU v klidu 100%

Re: CPU v klidu 100%

Re: CPU v klidu 100%

Re: CPU v klidu 100%

Re: CPU v klidu 100%

Re: CPU v klidu 100%